rpms/unbound
5
0
Fork 0
Code Issues Pull Requests Releases Activity

merge spec file

Browse Source
This commit is contained in:
Paul Wouters 2009-01-14 14:57:11 +00:00
parent 460e238035
commit 24585b987f
2 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
unbound.conf
View File

@ -256,7 +256,7 @@ server:
# infrastructure data. Validates the replies (if possible). # infrastructure data. Validates the replies (if possible).
# Default off, because the lookups burden the server. Experimental # Default off, because the lookups burden the server. Experimental
# implementation of draft-wijngaards-dnsext-resolver-side-mitigation. # implementation of draft-wijngaards-dnsext-resolver-side-mitigation.
# harden-referral-path: no harden-referral-path: yes
# Use 0x20-encoded random bits in the query to foil spoof attempts. # Use 0x20-encoded random bits in the query to foil spoof attempts.
# This feature is an experimental implementation of draft dns-0x20. # This feature is an experimental implementation of draft dns-0x20.
@ -283,7 +283,7 @@ server:
# threshold, a warning is printed and a defensive action is taken, # threshold, a warning is printed and a defensive action is taken,
# the cache is cleared to flush potential poison out of it. # the cache is cleared to flush potential poison out of it.
# A suggested value is 10000000, the default is 0 (turned off). # A suggested value is 10000000, the default is 0 (turned off).
# unwanted-reply-threshold: 0 unwanted-reply-threshold: 10000000
# Do not query the following addresses. No DNS queries are sent there. # Do not query the following addresses. No DNS queries are sent there.
# List one address per entry. List classless netblocks with /size, # List one address per entry. List classless netblocks with /size,
@ -301,7 +301,7 @@ server:
# File with DLV trusted keys. Same format as trust-anchor-file. # File with DLV trusted keys. Same format as trust-anchor-file.
# There can be only one DLV configured, it is trusted from root down. # There can be only one DLV configured, it is trusted from root down.
# Download https://secure.isc.org/ops/dlv/dlv.isc.org.key # Download https://secure.isc.org/ops/dlv/dlv.isc.org.key
# dlv-anchor-file: "/etc/pki/dnssec-dlv/dlv.isc.org.key" # dlv-anchor-file: "/etc/pki/dnssec-keys/dlv.isc.org.key"
# File with trusted keys for validation. Specify more than one file # File with trusted keys for validation. Specify more than one file
# with several entries, one file per entry. # with several entries, one file per entry.
@ -333,7 +333,7 @@ server:
# unsecure data. Useful to shield the users of this validator from # unsecure data. Useful to shield the users of this validator from
# potential bogus data in the additional section. All unsigned data # potential bogus data in the additional section. All unsigned data
# in the additional section is removed from secure messages. # in the additional section is removed from secure messages.
# val-clean-additional: yes val-clean-additional: yes
# Turn permissive mode on to permit bogus messages. Thus, messages # Turn permissive mode on to permit bogus messages. Thus, messages
# for which security checks failed will be returned to clients, # for which security checks failed will be returned to clients,

20
unbound.spec
View File

@ -1,7 +1,7 @@
Summary: Validating, recursive, and caching DNS(SEC) resolver Summary: Validating, recursive, and caching DNS(SEC) resolver
Name: unbound Name: unbound
Version: 1.1.1 Version: 1.2.0
Release: 7%{?dist} Release: 1%{?dist}
License: BSD License: BSD
Url: http://www.nlnetlabs.nl/unbound/ Url: http://www.nlnetlabs.nl/unbound/
Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
@ -19,7 +19,6 @@ Requires(preun): initscripts
Requires(postun): initscripts Requires(postun): initscripts
Requires: ldns >= 1.4.0 Requires: ldns >= 1.4.0
Requires(pre): shadow-utils Requires(pre): shadow-utils
Requires: selinux-policy >= 3.5.13-33
# Is this obsolete? # Is this obsolete?
#Provides: caching-nameserver #Provides: caching-nameserver
@ -38,7 +37,7 @@ as a server, but are linked into an application) are easily possible.
Summary: Plugin for the munin / munin-node monitoring package Summary: Plugin for the munin / munin-node monitoring package
Group: System Environment/Daemons Group: System Environment/Daemons
Requires: munin-node Requires: munin-node
Requires: %{name} = %{version}-%{release} Requires: %{name} = %{version}-%{release}, bc
%description munin %description munin
Plugin for the munin / munin-node monitoring package Plugin for the munin / munin-node monitoring package
@ -46,7 +45,7 @@ Plugin for the munin / munin-node monitoring package
%package devel %package devel
Summary: Development package that includes the unbound header files Summary: Development package that includes the unbound header files
Group: Development/Libraries Group: Development/Libraries
Requires: %{name}-libs = %{version}-%{release}, openssl-devel, ldns-devel Requires: %{name}-libs = %{version}-%{release}, openssl-devel >= 0.9.8g-12, ldns-devel
Requires: libevent-devel Requires: libevent-devel
%description devel %description devel
@ -57,6 +56,7 @@ Summary: Libraries used by the unbound server and client applications
Group: Applications/System Group: Applications/System
Requires(post): /sbin/ldconfig Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig Requires(postun): /sbin/ldconfig
Requires: openssl >= 0.9.8g-12
%description libs %description libs
Contains libraries used by the unbound server and client applications Contains libraries used by the unbound server and client applications
@ -149,6 +149,16 @@ fi
%postun libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
%changelog %changelog
* Wed Jan 14 2009 Paul Wouters <paul@xelerance.com - 1.2.0-1
- Updated to 1.2.0
- Added dependancy on minimum SSL for CVE-2008-5077
- Added dependancy on bc for unbound-munin
- Removed dependancy on selinux-policy (will get used when available)
- Enable options as per draft-wijngaards-dnsext-resolver-side-mitigation-00.txt
- Enable unwanted-reply-threshold to mitigate against a Kaminsky attack
- Enable val-clean-additional to drop addition unsigned data from signed
response.
* Mon Jan 5 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-7 * Mon Jan 5 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-7
- Modified scandir patch to silently fail when wildcard matches nothing - Modified scandir patch to silently fail when wildcard matches nothing
- Patch to allow unbound-checkconf to find empty wildcard matches - Patch to allow unbound-checkconf to find empty wildcard matches